|
Change your SQL statemente to this:
<br />
OleDbCommand myCommand = new OleDbCommand("UPDATE tblZtest SET PropertyType = " +<br />
"? WHERE zTest = ?", myConnection);
The Oledb classes expect '?' placeholers for parameters, not the names. The parameters collection must be filled in the same order as the '?' placeholders. The OledbParameter objects still need unique names.
Absolute faith corrupts as absolutely as absolute power
Eric Hoffer
All that is necessary for the triumph of evil is that good men do nothing.
Edmund Burke
|
|
|
|
|
I have a stored procedure that takes two parameters
(1) insert statement
(2) user name
It just executes the insert statement.
There is only one database user in the database.
My requirement is
(1) I need a way for the insert trigger to access the user name for inserting data into audit trail tables.
(2) In case when many users are logged in at the same time, how do I know which user name to use.
In our firm we have the constraint of one database user per database.
If there is any other solution please advise.
Live Life King Size
Alomgir Miah
|
|
|
|
|
Alomgir Miah wrote:
I need a way for the insert trigger to access the user name for inserting data into audit trail tables.
Why? you are inside a stored procedure, let it do the work.
Alomgir Miah wrote:
In our firm we have the constraint of one database user per database.
Unless you have a very good reason for this then that is a crazy constraint. How do you share information? (Which is one of the major advantages of having a database in the first place)
Also, if you only have one user per database then what is the problem? Surely you know who's using what database.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
Thanks a lot for your reply.
I think I was not very clear in my questions.
I am passing
(1) An insert query string
(2) UserName
to the stored procedure. As soon as the insert happens, the insert trigger is fired. In the insert trigger I am auditind the data by storing the changes(insert in this case) into an
audit trail table.
The answers to your questions are
(1) The trigger can access the database user only through user_name
INSERT INTO AuditTrail
SELECT user_name(),getdate(),'Fund','FamilyID',@rowid,'Insert',null,convert(varchar,FamilyID)
FROM inserted
But I need a way to access the parameter passed into SP.
(2) I know the constraint sucks. This is enforced for security reasons. More users means more activity tracking for all users. This means more work for the support groups and security holes in the application. ( Frankly, I dont agree to this at all like you said. ). But it does not means one user. It means many kerberos user and only one database user.
So the only solution I can think of is having a LastUpdatedBy column in the tables we are auditing. So the insert statement in the Trigger changes to
INSERT INTO AuditTrail
SELECT LastUpdatedBy,getdate(),'Fund','FamilyID',@rowid,'Insert',null,convert(varchar,FamilyID)
FROM inserted
and I wont need the stored procedure in discussion at all.
Is it the best way to go keeping in mind the constraints we have.
Live Life King Size
Alomgir Miah
|
|
|
|
|
Having a LastUpdatedBy column in the table(s) would be a possible solution as the trigger can get that information.
But, why are you passing an insert statement into the stored procedure. You'd need to do something like EXEC(@insertStatement) which kind of blows away the purpose of a stored procedure if that is all you are doing. It is much better, and more secure, if you create a stored procedures (plural) for your data access and modification needs so that the each stored procedure can do sanity checking on the data and also it means that only the actions that the stored procedures can perform are available to outside applications (assuming you revoke access to the tables and views directly for the database user that is being used by the application). The stored procedures can also update the relevant audit tables for you. That would mean that you no longer need to have a LastUpdatedBy column in your tables.
Assuming those above you are serious about security - but their one user for the whole database seems inherently insecure, they should have set up roles so that each person can only access the data they need. I know the application is probably stopping that kind of access, but there could be a weakness in the application and it is better to have multiple levels of security. That is why if you look at ancient castles that still exist today then you'll see they have many layers of protection. If an invader breaks down one wall or gate then the occupants can retreat and fight from the next gate.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
This really helped. I will be exploring the possibilities based on your inputs.
I got rid of the SP. Its purpose was just to accept the username. I was just trying to use it.
Well I am using Object Oriented Database with a Class per table. I have a Query Generator too which generates dynamic SQL queries on the fly. So I dont use SP's to do Select's , Insert's,
Delete's and Update's. The business rules are implemented in the Data Access Layer.
Live Life King Size
Alomgir Miah
|
|
|
|
|
What is the difference between DataRow Class and Insert command in ADO.Net?
Sometimes I use Insert command or DataRow class. Which one is faster than others. Both of them are used for inserting the new value of Row in the table.
Thanks.
|
|
|
|
|
I've been asking around about this specific problem I have comparing times,
but as you know dates are stored in the following format: 2005/07/21 03:18:10 PM.
I want to select all between 08:10:00 and 08:55:00, disregarding the actual date. This will
then tell me when the labs are the busiest during the day.
this is the query:
select count (*) from User_Lab_Access
where LabID = 'R229'
and DateTime >= '2005/07/21 08:10:00'
and DateTime <= '2005/07/21 08:55:00'
* Remember disregarding the yyyy/mm/dd
|
|
|
|
|
I do not know if it is the best solution, but this should work:
select count (*) from User_Lab_Access<br />
where LabID = 'R229'<br />
and DateTime -floor(cast(DateTime as float)) between '08:10:00' and '08:55:00'<br />
Wout Louwers
|
|
|
|
|
Try:
select count (*) from User_Lab_Access
where LabID = 'R229'
and Convert(char(8), DateTime, 8) between '08:10:00' and '08:55:00'
|
|
|
|
|
This will work in SQL server converting the time funcation into an Int between 0 and 2359
select count (*) from User_Lab_Access
where LabID = 'R229'
AND ( (DATEPART(hour, DateTime) * 100) + (DATEPART(minute, DateTime)) ) > 810 )
AND ( (DATEPART(hour, DateTime) * 100) + (DATEPART(minute, DateTime)) ) < 855 )
|
|
|
|
|
Hi!
I want to Add/Update/Get one record at one time.
suppose i have userTable with
int userID
nvarchar username
nvarchar email
to add data to userTable which is better?
1. using DataRow and fill it with userID,username,email and pass it to DataAccessLayer
2.Create user Class (USEREN) and using USEREN userBObj and fill it with userID,username,email and pass it to DataAccessLayerDataAccessLayer
thanks.
|
|
|
|
|
Personally, I would just create a stored procedure, create an SqlCommand with the relevant parameters and Execute it.
SqlCommand cmd = new SqlCommand("AddUser", myConnection);
cmd.Parameters.Add("@userID", theUserID);
cmd.Parameters.Add("@userName", theUserName);
cmd.Parameters.Add("@email", theEmailAddress);
cmd.CommandType = CommandType.StoredProcedure
cmd.ExecuteNonQuery();
And the stored procedure would look like this:
CREATE PROCEDURE dbo.AddUser
@userID int,
@userName nvarchar(50),
@email nvarchar(50)
AS
INSERT userTable(userID, username, email)
VALUES (@userID, @userName, @email);
GO
The above C# code would go in the DAL (Data Abstraction Layer).
Does this help?
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
Thanks
But i want to find best way to Pass userID , username , email between Layers of a n-tier System.
|
|
|
|
|
|
|
Hi all,
Corresponding .cs file is not added when I add a Crytal Report file in Solution Explorer VS.Net2003. And therefore I am unable to use Strong-Typed report object in my C# code.
I have added the References
using CrystalDecisions.CrystalReports.Engine;
using CrystalDecisions.Windows.Forms;
and I selected 'Show All Files' in Solution Explorer.
There is no error in compiling the project. So why the corresponding .cs file of the .rpt file is not added in my Solution Explorer?
Please help.
Arif.
|
|
|
|
|
hi friends,
any one please help me how to store a word document into sql server's blob.
|
|
|
|
|
I have to compare data in a table in a SQL Server DB at two different points of time to check if the concerned rows have been modified/deleted/new additions.
I am using a Stored Procedure to retrieve data the DB and save the data in another table. Now at a later time, I am retrieving this saved data into a first dataset. At the same time, I am using the Stored Procedure I used earlier and getting the current data in the second dataset. Now I have to compare these two datasets and get the modified/deleted/new rows. Any suggestions of how to do this?
All your help is appreciated.
Cheers
Kathy
|
|
|
|
|
Have you tried using Diffgrams
|
|
|
|
|
I am having a problem while working with DataAdapter and linked server. What is happening is that When I select records using "select * from bk...tablename" it gets the record in dataset but when I want to update that dataset it omits the "..." link "bk.tablename" so it does not find the Linked Server.
Any suggestion?
" I have found a new world but... lost the one I belong to... "
|
|
|
|
|
update linkedserver...tablename
SET myfield = 'Hello'
When mykey = 1
|
|
|
|
|
Thanks for the reply but my problem is that I want to do it with the help of Data Adapter Thanks any ways
" I have found a new world but... lost the one I belong to... "
|
|
|
|
|
hi
I m passing the date parameter to a stored procedure. The stored procedure not does not accept the date format as 'dd/mm/yyyy'. It gives an error -"error converting data type varchar to datetime".
My machine's regional setting is set to 'UK' i.e. "dd/mm/yyyy".
How can i make a change in SQL server so that it accepts date parameters in the "dd/mm/yyyy".
please help
shelly
|
|
|
|
|